Category Archives: Windows Intune

Looking forward to 2016…

So, after leaving 2015 behind us and getting started in 2016 it’s time to have a look what 2016 is going to bring us.

2015 was the year that got the adoption of cloud technology really going and I expect more and more organizations to do so or start adopting more features cloud technology offers us. A very nice feature is that organizations start to understand better how convenient it is when the ‘gate’ for end users has shifted from Active Directory to Azure Active Directory.

Three big releases will most likely take place this year:

  • AzureStack;
  • Windows Server 2016;
  • System Center 2016.

I strongly believe the release of Windows Server 2016 will dramatically change the way we’re used to work and I really believe the following two features will enable it:

  • Nano Server;
  • Containers.

Since the release of Windows Server 2016 Technical Preview 3, and even more with Windows Server 2016 Technical Preview 4 we’re able to research and experiment with these two features. Fortunately, I don’t expect Windows Server 2016 RTM to be released in the first half of 2016. This allows me to play around with it and understand how it works so that I am prepared when it becomes available.

So, Windows Server 2016 is quite a big tip of the iceberg. With the rest all coming as well I expect 2016 to be a very busy year. But I expect to have a lot of fun with it as well…

So let’s see what’s going to happen this year, I look forward to it.


Looking back at 2015…

So, the year 2015 is almost at its end. While I write this, I am already in my second week of my two week time off. And boy,I really needed this two week break.

2015 was an extremely busy year for me, and I can actually cut the year in half.

At the first half, I was still busy participating in a project where I designed and deployed System Center 2012 R2 Configuration Manager. I also built a stand-alone Image Building environment running MDT 2013. Unfortunately, the project took way longer than expected due the customer being unable to take ownership and start administering it by themselves. Eventually I decided to walk away after the contractual end date of my involvement despite the fact the project isn’t finished yet. The longer it took, the more frustrating the project became for me so the decision to walk away was eventually the right one.

This takes me to the second half. In the second half, I saw a dramatic shift in my job since I did only one Configuration Manager design and deployment in the second half of 2015. I started to extend my skillset on Enterprise Client Management a bit more with Microsoft Intune and Microsoft’s Public Cloud platform: Azure.

I also started to deliver more workshops, master classes and training sessions. This is something I really like to do and I want to thank those who made it possible for me. It allowed to me renew my Microsoft Certified Trainer certification.

Fortunately, the frustrations of the first half provided some learning moments which required me to become a more complete consultant. So my coworker arranged a two day training session for me called “Professional Recommending” (this may be a poor translation of Professioneel Adviseren in Dutch) provided by Yearth. This is by far the most important training I received in my career and it really started to pay off pretty quickly by receiving more positive feedback from customers. I became a more complete consultant with this training.

I was also happy to do the presentation workshop with Monique Kerssens and Jinxiu Hu from Niqué Consultancy BV at ExpertsLive 2015. I was happy to receive the feedback that my presentation skills have developed greatly. To quote them: “you’re standing like a house”.

The icing on the cake came at the end of this year when I was asked to review the DataON CiB-9224 platform. You can read the review in my previous post.

So, I experienced some highs and lows this year. Fortunately, the highs came at the second half.

I look forward to 2016, but that’s for another post…



Windows Intune: Manage Windows Client devices, sort of…

Windows Intune is becoming more and more a viable solution to manage corporate devices. It makes sense to use Windows Intune for enterprise client devices as well. Unfortunately we can’t deploy an Operating System to a client device but we have MDT 2013 for that. This applies to devices only which are capable of receiving a new Operating System, such as desktops, laptops and certain slate devices.

This post focuses on Windows Client devices only, it doesn’t apply to Windows Phone, iOS, Android or Windows RT devices.

From a licensing point of view, Microsoft requires to use either Business (Vista only), Professional (7,8 and 8.1), Enterprise (all supported versions) or Ultimate (Vista and 7 only) editions in corporate environments. Home Editions and especially OEM license keys are not allowed to be used. Windows Intune is in sync with this requirement based on the requirements for the Windows Intune Client which is available at

At the moment I’m running a Windows Intune trial and I enrolled my company laptop to the Windows Intune subscription by installing the Windows Intune Client. The laptop is currently equipped with Windows 8.1 Update Home Edition (OEM install). After enrolling the device, Windows Intune raised an alert that an unsupported edition of Windows is used:

Well, as expected. The Client works like a charm. I receive updates and Endpoint Protection is installed and configured as expected but it is still an unsupported client edition…

So yes, I need to upgrade to Professional or Enterprise but I’m working on that J

But what does this mean in the corporate world? If Windows Client devices are involved, then the Bring Your Own Device (BYOD) concept doesn’t really work for these kind of devices unless a supported Operating System is purchased and deployed. However, I don’t expect employers to tell their employees to buy a Windows Client device with a supported Windows license themselves just for Windows Intune. The employers will most likely provide the device, but then it’s not BYOD anymore. For other devices, Windows Intune is happy to have those enrolled…

I can imagine organizations might go wrong with this from a licensing point of view unintentionally.

For now, I expect most organizations to use Windows Intune with Configuration Manager for now, but I expect the role of Configuration Manager to decline and eventually disappear. However, this won’t apply to organizations bound to regulations or laws regarding Cloud computing since they’re simply not allowed to use the Cloud, but they don’t use Windows Intune anyway…






A personal opinion on the future of ConfigMgr…

A few days ago a press release was announced that The face of ConfigMgr, Wally Mead, left Microsoft to become a Principal Program Manager at Cireson. You can read more about that at

With all the changes in the IT landscape happening now, this news item was still quite surprising to me. But it also confirmed some thoughts that were on my mind recently. I see more and more developments happening towards the Cloud. Eventually, the on-premise infrastructure will quickly become smaller and it dependency will shrink too. Eventually, the management tools will slowly be moved to the Cloud as well. Windows Intune is a good example of this and I expect it to take over ConfigMgr’s role completely. Okay, Windows Intune doesn’t support OSD, but those who need to deploy client machines can still consider MDT 2013. But I see the necessity of deploying an Operating System to a client device become less and less as well.

I notice that SQL 2014 is not supported with ConfigMgr either. I see some blogs passing by where people are upgrading their Site Database Server from to SQL 2014. At this time, I wonder what I’m going to miss by not upgrading tot SQL 2014. However, on TechNet SQL 2014 isn’t mentioned anywhere, see for more information. To me, SQL 2014 is not supported and I won’t recommend creating an unsupported configuration. This is also an indication that makes me wonder if any development of ConfigMgr is still happening…

To me it is a clear signal that I should slowly ask the question what to do when ConfigMgr is no longer there. I’ve been investing time already to recommend organizations to consider using Cloud technology because it will provide you much more sophisticated resources and it will also redefine how to handle the financial element of IT. I can summarize it to: Cloud, unless…

I don’t think ConfigMgr will be gone quickly but I expect its usage decline slowly and gradually, this process will probably take a few years. For now, I am still involved in projects with ConfigMgr involved but I expect to do a lot of other exciting things. To me, change provides opportunites and I’m not afraid of change…

Keep in mind though, that this post is very, very personal…




Windows Intune: issue verifying your domain using the default method…

More and more customers are requesting to initiate a Proof of Concept for Windows Intune. Customers are looking for a management solution for devices which are outside their corporate (and sometimes on-premise) environment because corporate users receive devices of this nature. Examples of these devices are tablets and smart phones (I haven’t seen any requests managing fat clients with Windows Intune).

Windows Intune provides a decent management solution to manage these kind of devices. Though I need to dedicate a blog about my more in-depth impressions about Windows Intune regarding functionality and usability, I believe the product itself is somewhat far from finished. However, knowing the nature of updating by the Windows Intune Product Team, it is a decent way to start managing these devices.

If you use Configuration Manager 2012 SP1, then add the Windows Intune subscription allows you to manage these devices by single console. Windows Intuse is more or less used as a stepping stone to deliver service to these mobile devices…

Setting up Windows Intune is painfully easy, verifying your domain can be quite a challenge.

You need to provide a domain which has a valid registrar. Organizations might have a local domain which isn’t registered but they do have an ‘external’ domain which is. According to the Windows Intune instructions, you need to add a DNS record in that domain that has the following properties:

  • Name: @
  • Type: TXT
  • Body: MSxxxxxxxx  (where ‘x’ is a number)

Unfortunately, some DNS servers don’t allow you to create such a record. reasons can be technical but also organizational because they simply don’t allow it. Adding an MX record is not allowed either.

NOTE: This issue is similar when using Office 365. However, if you already use Office 365 then you don’t need to do this again..

After looking around an alternative method was posted on the Office 365 forums, which is available here:

The alternative method creates a DNS record with the following properties:

  • Name: MSxxxxxxxx (the same numbers)
  • Type: CNAME
  • Alias:

The alternative method should allow you to verify your domain.

I’m happy to see that Microsoft allows organizations to play around with Windows Intune to investigate its usage.

With the coming release of System Center 2012 R2 I expect Windows Intune to be upgraded as well. I hope that mobile devices can be managed more thoroughly.



Posted by on 16/06/2013 in Windows Intune

Steve Thompson [MVP]

The automation specialist

Boudewijn Plomp

Cloud and related stuff...

Anything about IT

by Alex Verboon

Deployment Made Simple

Modern Workplace

Azure, Hybrid Identity & Enterprise Mobility + Security

Daan Weda

This site is all about System Center and PowerShell

IT And Management by Abheek

Microsoft certified Trainer -Abheek

Heading To The Clouds

by Marthijn van Rheenen